Acceptance criteria
- The endpoint should accept a parameter to determine if privately registered participants should be included
- There should be a permission check on that
- For each participant, the response should say whether they're privately registered or not
- The documentation of the endpoint should be updated